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REPLY BRIEF UNDER 37 CFR 41.4Ka¥n 

Mail Stop Board of Patent Appeals and interferences 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Sir: 

In response to the Examiner's Answer dated October 9, 2007, applicant replies 

as follows: 

REAL PARTY IN INTEREST 

The real party in interest is Hewlett-Packard Development Company, LP, a 
limited partnership established under the laws of the State of Texas and having a principal 
place of business at 20555 S.H. 249 Houston, TX 77070, U.S.A. (hereinafter "HPDC"). 
HPDC is a Texas limited partnership and is a wholly-owned affiliate of Hewlett-Packard 
Company, a Delaware Corporation, headquartered in Palo Alto, CA. The general or 
managing partner of HPDC is HPQ Holdings, LLC. 


RELATED APPEALS AND INTERFERENCES 

Applicant's Representative has not identified, and does not know of, any other 
appeals of interferences which will directly affect or be directly affected by or have a bearing 
on the Board's decision in the pending appeal. 

STATUS OF CLAIMS 

Claims 1-10 are pending in the application. Claims were finally rejected, in the 
Office Action dated February 28, 2005. Applicant's appeal the final rejection of claims 1-10, 
which are copied in the attached CLAIMS APPENDIX. 

STATUS OF AMENDMENTS 
The last Response was filed September 7, 2004. 

SUMMARY OF CLAIMED SUBJECT MATTER 

The current application is directed towards a method for securing control- 
device-logical-unit ("CDLUN") operations within a disk-array controller (206 in Figure 2), or 
in other mass-storage-device controllers, invoked by remote host computers. As explained in 
the current application in the two paragraphs beginning on line 27 of page 4, a CDLUN is 
essentially a type of virtual LUN provided by a mass-storage controller to allow remote, host 
computers to invoke controller functionality involving mulfiple LUNs. As explained in the 
current application, beginning on line 16 of page 3, a LUN, or logical unit, represents some 
portion of the storage capabilities of a mass-storage-device, and a disk-array controller, or 
other mass-storage-device controller, provides LUNs (208-215 in Figure 2) as interfaces to 
the various portions, or partitions, of mass-storage space (203-205 in Figure 2) within a mass- 
storage device (202 in Figure 2). Certain operations, such as LUN mirroring, involve 
multiple LUNs. The CDLUN was devised as a target for addressing requests by remote host 
computers to a mass-storage-device controller for multi-LUN, or multi-partition, operations, 
such as a request to mirror one LUN to a different LUN, and for other mass- storage-device 
controller operations. 

Although CDLUNs serve admirably in the capacity intended, an additional 
problem was subsequently discovered. In general, access to individual LUNs, and to 
operations carried out with respect to individual LUNs, is controlled by various security 


mechanisms. For example, a remote host computer storing sensitive data on a particular 
LUN of a disk array generally arranges for the LUN storing sensitive data to be at least write- 
protected, and often both read-protected and write-protected, so that only the remote host 
computer, and no other remote host computer, can access the sensitive data. These security 
mechanisms are easily extended to CDLUNs. Thus, for example, only authorized remote 
host computers can request mirroring operations through a particular CDLUN. However, 
these security mechanisms have proven to be inadequate to prevent unauthorized access to 
individual LUNs as a result of multi-LUN operations requested through CDLUNs. For 
example, although remote host computer A may have neither read nor write access to LUN 
X, remote host computer A may still alter the contents of LUN X by, for example, requesting 
that LUN Y be mirrored to LUN X by sending a multi-LUN request to a CDLUN to which 
remote host computer A is authorized to send multi-LUN requests. Embodiments of the 
present invention address this potential security and access problem, and other related 
problems. 

Independent claim 1 and dependent claims 2-5 that depend from claim 1 claim 
a method for authorizing access by remote entities to logical units provided by a mass storage 
device. The method includes steps of: (1) providing an access table that includes entries that 
each represents authorization of a particular remote entity to access a particular logical unit; 

(2) providing a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

(3) when a remote entity requests execution of an operation directed to a specified control 
device logical unit and involving one or more additional specified logical units, authorizing 
the request for execution of the operation only when an entry currently exists in the access 
table that represents authorization of the remote entity to access the specified control device 
logical unit and, for each of the one or more additional specified logical units, an entry exists 
in the supplemental access table that represents authorization of the specified control device 
logical unit to access the additional specified logical unit. 

Independent claim 6 and dependent claims 7-10 that depend from claim 6 
claim an authorization system for authorizing access by remote entities to logical units 
provided by a mass storage device. The claimed authorization system includes: (1) a request 
detecting component that detects requests for execution of an operation generated by a 
remote entity; (2) an access table that includes entries that each represents authorization of a 
particular remote entity to access a particular logical unit; (3) a supplemental access table that 
includes entries that each represents authorization of a particular control device logical unit to 


access a particular logical unit; and (4) control logic that authorizes a request made by a 
remote entity, detected by the request detecting component, directed to a specified control 
device logical unit and involving one or more additional specified logical units only when an 
entry exists in the access table that represents authorization of the remote entity to access the 
specified control device logical unit and, for each of the one or more additional specified 
logical units, an entry exists in the supplemental access table that represents authorization of 
the specified control device logical unit to access the additional specified logical unit. 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

1. Whether claims 1-10 of the current application are anticipated under 35 U.S.C. § 
1 02(e) by Ito et al., U.S. Patent No. 6,684,209. 

ARGUMENT 

Claims 1-10 are currently pending in the application. In the Examiner's 
Answer, dated April 18, 2007, the Examiner withdrew the 35 U.S.C. § 112, second 
paragraph, rejections of claims 1, 2, 4-5, 7, and 9-10 and the 35 U.S.C. § 103(a) rejections of 
claims 1-2, 4, 6-7, and 9 under 35 U.S.C. § 103(a) as being obvious over Tulloch, 
"Administering Internet Information Server 4," New York, McGraw-Hill Professional, 1998, 
ISBN: 0072128232 ("Tulloch") in view of "Microsoft Windows NT Server, Resource 
Guide," Microsoft Press, 1996, ISBN: 1,57231,344,7 ("Windows NT"), while maintaining 
the 35 U.S.C. § 102(e) rejections of claims 1-10 as being anticipated by Ito et al., U.S. Patent 
No. 6,684,209 ("Ito"). Appellants' representative respectfully traverses the 35 U.S.C. § 
102(e) rejections of claims 1-10. 

ISSUE 1 

1. Whether claims 1-10 of the current application are anticipated under 35 U.S.C. § 
102(e) by Ito et al., U.S. Patent No. 6,684.209 . 

The purpose of the current Reply Brief is to respond to certain of the the 
Examiner*s arguments included in an Examiner's Answer dated October 9, 2007 ("Examiner's 
Answer). The Examiner's arguments begin on page 5 of the Examiner's Answer. The 
Examiner begins by stating: 

Appellant's representative questions Ito's disclosure of an "access table" and a 


"supplemental access table". It appears that appellant's representative 
essentially argues three main issues: 

I. The "access table" and the "supplemental access table" cannot be read 
as a single table, 

II. Ito's Supplemental Access Table does not include entries that each 
represents authorization of a particular CDLUN to access a particular LUN, 

III. CDLUNs disclosed by Ito are not the same as CDLUNs in appellant's 
invention. 

Even in this initial statement, the Examiner mischaracterizes Appellants' arguments. 

First, Appellant has never argued that the access table and supplemental access 
table disclosed in the current application could not be combined as a single table. Instead, 
Appellants have repeatedly pointed out that the access table claimed in the current claims is 
similar, in information content, to Ito's LUN Access Management Table. The currently 
claimed supplemental access table contains information that is not taught, discussed, 
disclosed, mentioned, suggested, or implied anywhere in Ito. Therefore, Ito does not, and 
cannot possibly, anticipate the supplemental access table of the current claims, whether or not 
merged with the access table to form a single table. 

Second, Ito does not teach, mention, or suggest a supplemental access table as 
claimed in the current application. There is no supplemental access table disclosed or 
suggested in Ito, and therefore there is no " Ito's Supplemental Access Table." Appellants 
stated this fact on page 7 of the Supplemental Appeal Brief, filed February 17, 2006 
("Supplemental Brief): "Secondly, Ito does not teach, mention, or suggest a supplemental 
access management table, as clearly claimed in current claim 1, and all claims that depend 
from claim 1." Appellants reiterated that Ito does not teach, mention, or suggest a 
supplemental access table in the Reply Brief filed June 18, 2007 ("First Reply Brief): "Ito 
does not discuss, mention, or suggest a supplemental access table, each entry of which 
authorizes access of LUNs of Ito's storage subsystem by other LUNs of Ito's storage 
subsystem." 

Third, Appellants have shown mnay times that Ito does not teach, mention, or 
suggest CDLUNs. On page 7 of the Supplemental Brief, Appellants stated: "Ito does not 
once teach, mention, or suggest a CDLLTN that is used by remote host computers as a single 
target, or single numerical value, to represent controller functionality involving multiple 
LUNs." In the First Reply Brief, Appellants stated: '*Ito does not teach, mention, or suggest 
that Ito's virtual LUNs bear any resemblance or connection with CDLUNs, and Ito does not 


once use the term CDLUN or the equivalent phrase "control device logical unit." 

In Appellants' representative's respectfully offered opinion, even the first 
above-quoted assertions by the Examiner in the Examiner's Answer appear to rather seriously 
mischaracterize Appellants' arguments, and appear to suggest that the Examiner has failed to 
read and understand the Supplemental Brief, the First Reply Brief, and Ito. The Examiner 
maintained baseless and unfounded rejections based on Tulloch and Windows NT up until 
the original Appeal Brief was filed on July 28, 2005, and appears to again maintain rejections 
based on Ito despite clear evidence that Ito does not teach, mention, suggest, or imply that to 
which the current claims are directed. 

On page 6 of the Examiner's Answer, the Examiner pieces together various 
quotes from Appellants' First Reply Brief, filed June 18, 2007. The Examiner quotes a first 
portion of the first complete paragraph on page 7 of the First Reply Brief and then skips the 
last portion of that paragraph and the beginning of the next paragraph before quoting a 
passage from the interior of the next paragraph. The portion of the paragraphs skipped by the 
Examiner include the essential positions stated by Appellants in the First Reply Brief, 
including the sentences following the first quoted passage: "However, Appellant's 
representative emphatically disagrees with the Examiner's first, conclusory paragraph on page 
4 of the Examiner's Answer . . . The above-quoted conclusory paragraph does not follow 
from anything in Ito or even from the Examiner's summary of Ito ..." 

On page 7 of the Examiner's Answer, the Examiner begins: "For clarity 
purposes, at this point the examiner wishes to address applicant newly presented argument 
that 'access table' and a 'supplemental access table' cannot be read as a single table." 
Appellants' representative disagrees that Appellants have made a new argument in the First 
Reply Brief. Appellants quite clearly, and in great detail, discussed, beginning in the first full 
paragraph on page 7 of the Supplemental Brief, the fact that nothing in Ito teaches, mentions, 
or suggests Appellants' claimed supplemental access management table. This is not a new 
argument. 

Beginning with the second paragraph of page 7 in the Examiner's Answer and 

continuing through page 9, the Examiner provides a seemingly bizarre justification for 

attempting to read both claim elements "access table" and "supplemental access table" onto 

either a single table disclosed by Ito or onto two distinct and dissimilar tables disclosed by 

Ito. The Examiner states, in the final paragraph of page 7 of the Examiner's Answer: 

Fig. 14 of Ito can be considered as two tables merged together. The evidence 
of such interpretation (besides the arguments presented above) additionally is 


supported by Fig. 21 of Ito. Fig. 14 shows a "composite" table having a 
plurality of columns (WWW; Virtual LUN and LUN) and a set of rows (1402 
to 1414). 

The Examiner appears to argue that, since the Examiner has arbitrarily defined the table 

shown by Ito in Figure 14 to be a "composite table," whatever that means, that therefore the 

table shown in Figure 14 can be viewed as two tables merged together. In other words, the 

Examiner feels that by arbitrarily defining the table in Figure 14 to be two tables merged 

together, it logically follows that the table shown in Figure 14 can be considered to be two 

tables merged together. Of course, Ito does not provide any basis for such circular reasoning. 

Instead, Ito states, beginning on line 17 of column 12: 

In a representative embodiment according to the present invention, a 
"LUN Access Management Table" 1401 is defined as illustrated in Figure 14. 
The table 1401 defines, for each port in the storage subsystem, a combination 
of an LUN in the storage system, a virtual LUN created by renumbering the 
LUN according to the user^s convenience, for example, and a WWN of the 
host computer likely to access the virtual LUN. 

Subsequently, beginning on line 42 of column 12, Ito states: 

In FIG. 14, the host computer having WWN 1402 is permitted to 
access the real LUNsO-3 through the Virtual LUNsO-3. In the same way, the 
host computers having WWNs 1403-1414, are permitted to access the real 
LUNs listed in 1417 through the Virtual LUNs listed in 1416, respectively. 

It is certainly the case that, in general, information may be represented in many different 
ways. In many cases, information included in a single table may be partitioned and instead 
included in multiple tables. However, as is well known to anyone with even cursory 
understanding of computer science and information theory, or familiar with the presentation 
of information in tables, one cannot arbitrarily partition information in tables or merge 
separate tables without the risk of losing information represented by a table, in the first case, 
or implying information not contained in the separate tables, in the second case. 

In Ito's LUN Access Management Table shown in Figure 14, each row, such 
as row 1402, includes three different fields corresponding to the three different columns 
1415, 1416, and 1417. As clearly stated by Ito, throughout Ito's disclosure and in the above 
quoted passages, each row in Ito's LUN Access Management Table represents the fact that a 
host computer associated with the WWN included in the first field of a row may access any 
of the virtual LUNs, included in the second field of the row, that correspond to the LUNs 
included in the third field of the row. In other words, the latter two fields, corresponding to 
columns "virtual LUN" 1416 and "LUN" 1417 provide a one-to-one mapping, or re- 


numbering, of LUNs to virtual LUNs. As Appellants' representative has pointed out many 
times during the appeal process, a virtual LUN is, in Ito, simply an alternative numeric 
designation for a LUN. That is why, in Figure 14, each virtual-LUN field and corresponding 
LUN field include an identical number of numeric labels. Furthermore, as can be observed in 
Figure 14 of Ito, and as explicitly stated by Ito in the above-quoted passages, the one-to-one 
mappings of LUNs to virtual LUNs is specific to a particular host computer. That is the 
entire purpose of Ito's disclosure, to provide different numbering, or labels, for LUNs for 
each of the different host computers that access the LUNs. Thus, Ito's LUN Access 
Management Table shows the LUN-to-virtual-LUN re-numbering schemes for each host 
computer identified by a particular WWN. 

Ito's LUN Access Management Table can obviously not be arbitrarily 
partitioned into multiple tables, or generated by arbitrarily combining two other tables. For 
example, a table with one column that lists all the WWNs associated with host computers and 
a two-column table with a "virtual LUN" and "LUN" columns cannot simply be merged 
together to form Ito's LUN Access Management Table without some additional information 
that associates a particular WWN to a particular one-to-one numbering of LUNs to virtual 
LUNs. In order to preserve the information represented by Ito's LUN Access Management 
Table during a partition of the table, two separate tables would need to be created with an 
additional column in each of the separate tables. The first table might have two columns 
"WWN" and "remapping index" to associate each WWN corresponding to a host computer 
with the index of a particular LUN-to-virtual LUN one-to-one remapping. The second table 
might have three columns: "remapping index column," "virtual LUN," and "LUN." Using 
these two tables, one could find the one-to-virtual-LUN remapping of a particular host 
computer by first finding the remapping index, in the first table, associated with the WWN of 
the host computer, and then using the remapping index to locate an entry in the second table 
corresponding to that host computer. Otherwise, the partitioning would result in the loss of 
the associations between host computers and particular LUN-to-virtual-LUN mappings. 

The point of the above observations is that, while information may be 
variously partitioned into different numbers of tables, great care must always be taken to 
avoid losing information contained within a table or creating unfounded implications when 
merging two tables into a single table. A table represents information, and it is the 
information being represented, not the form of the table, that dictates how the information 
may be alternatively partitioned and separate tables merged. The fact that the information 
contained in a table can be alternatively represented does not, in any way, justify or support a 


conclusion that the access table of the current application and the supplemental access table 
of the current application contain the same information as, or can be merged together to 
produce, Ito's LUN Access Management Table. As Appellants have repeatedly pointed out in 
the First Reply Brief and Supplemental Brief, the access table of the current application is 
similar to Ito's LUN Access Management Table. The supplemental access table of the 
current application contains additional information concerning authorization of access to 
LUNs by CDLUNs which is not contained in the access table of the current application, in 
Ito's LUN Access Management Table, in Ito's two column table showing S ID values 
corresponding to WWNs in Figure 21 of Ito, or anywhere else in Ito. No combination of 
anything in of the tables shown in Figure 14 and Figure 21 of Ito represents anything to do 
with authorization of CDLUNs to access other LUNs, authorization of any LUN to access 
another LUN, or anything at all to do with CDLUNs. 

The Examiner, following the above-quoted statement of circular reasoning, 

then states: 

Fig. 21, on the other hand, shows two separate tables, namely as "WW-S_ID 
Conversion Table" having only 2 columns (SID and WWN) and a "LUN 
Access Management Table". 

The two tables shown in Figure 21 do not contain the same information as contained in the 
table shown in Figure 14. The "WWN-S_ID Conversion Table" 2103 shows a one-to-one 
mapping between the contents of an S_ID field of a message frame header (Ito, column 13, 
lines 49-51) and the WWN associated with a host computer. In other words, the S_ID is 
another name for a host computer, generally identified by a WWN. It is true that Ito's WWN- 
S_ID Conversion Table 2103 and Ito's LUN Access Management Table could be combined, 
but, in order to not lose information, the combined table would need four columns: (1) S_ID; 
(2) WWN; (3) virtual LUN; and (4) LUN. This combined table would show the same 
information as shown by Ito's LUN Access Management Table, along with the additional 
information about the correspondence between S IDs and WWNs. However, the merged 
table would have nothing whatsoever to do with Appellants' claimed supplemental access 
table, which represents authorization of CDLUNs to access LUNs. 

In the claims of the current application. Appellants clearly claim a first table, 
referred to as an "access table," that includes entries that each represents authorization of a 
particular remote entity to access a particular logical unit, and a "supplemental access table" 
that includes entries that each represents authorization of a particular control device logical 
unit to access a particular logical unit." As has been repeatedly explained by Appellants over 


the course of prosecution of the current application, a control device logical unit, or CDLUN, 
is a virtual LUN that represents an operation carried out on multiple LUNs. A CDLUN is 
simply a convenient target for a multi-LUN operation issued by a remote host computer. As 
disclosed in the current application, and as repeatedly discussed throughout prosecution of 
the current application, a CDLUN may, for example, be a convenient target for operations 
directed to mirror-LUN pairs. For example, should a host computer wish to discontinue, or 
break, a mirror pair, the host computer could issue a single break command to the CDLUN 
representing a mirrored pair of LUNs, rather than needing to issue separate commands to 
each LUN in the pair of LUNs. There is not one-to-one correspondence between LUNs and 
CDLUNs. A CDLUN generally represents an operation carried out on a set of LUNs. The 
LUN Access Management Table shown in Figure 14 of Ito represents, in part, an association 
between remote host computers, or remote entities, and one-to-one re-numberings, or 
remappings, of LUNs to virtual LUNs. The table does not, however, include any information 
about CDLUNs or anything remotely similar to CDLUNs. As Appellants' representative has 
repeatedly pointed out, a virtual LUN in Ito is simply another name for a LUN. That is why, 
for each row in Ito's LUN Access Management Table, the field "virtual LUN" contains 
exactly the same number of numeric designators as the field "LUN." No matter how the 
information in Ito's LUN Access Management Table is partitioned into separate tables, no 
partitioning can create information that is not included in Ito's LUN Access Management 
Table. There is nothing in Ito's LUN Access Management Table that would allow one to 
infer allowed access of a particular LUN to a set of virtual LUNs. Ito does not teach, 
mention, or suggest any such information or associations. Ito does not, in fact, teach, 
mention, or suggest anything at all concerning CDLUNs for multi-LUN operations. Ito's 
LUN Access Management Table represents allowed accesses of remote entities, namely host 
computers associated with a WWN, to LUNs. It does not show any information related to 
allowed accesses between a first LUN and a second LUN. Nothing in Ito remotely suggests 
that Ito's LUN Access Management Table contains information regarding which LUNs can 
be accessed by a given LUN. The concept of access of a LUN by another LUN is not taught, 
mentioned, suggested, or in any way implied by Ito. Thus, there is nothing in Ito, or in Ito's 
LUN Access Management Table, that in any way suggests a "supplemental access table that 
includes entries that each represents authorization of a particular control device logical unit to 
access a particular logical unit." This is an extremely simple concept. Appellants rely on 
what Ito explicitly states and illustrates, on the teachings of the current application, and on 
very simple and well-known principles of information representation. 


At the bottom of page 10 of the Examiner's Answer, the Examiner states: "As 
shown above, Ito discloses a Supplemental Access Table that includes entries of indicating a 
CDLUN and indicating a LUN." Nothing in the Examiner's Answer provides any support for 
this statement. Apparently the Examiner feels that repeating the same insupportable 
statement over and over, in the face of massive evidence that the statement is incorrect and 
unfounded, will somehow produce a proper rejection. Ito does not once teach, mention, or 
suggest a CDLUN. As discussed in the current application and throughout the prosecution of 
the current application, a CDLUN is not simply another name, or numerical designator, for a 
LUN. A CDLUN is a numeric designator used as a target for issuing operations that involve 
multiple LUNs. There is no general one-to-one mapping between CDLUNs and LUNs. In 
Ito, Ito explicitly states that virtual LUNs are simply alternative names, or numeric 
designators, for LUNs. In Ito, there is a one-to-one mapping between LUNs and virtual 
LUNs. This is not a difficult concept. Moreover, the term and concept CDLUN is extremely 
well known and well understood by those skilled in disk arrays and disk-array interfaces. 
Had Ito intended to disclose or suggest anything at all related to CDLUNs, Ito would 
doubtlessly have used the term "CDLUN." 

On page 1 1 of the Examiner's Response, the Examiner asserts that Ito teaches 
CDLUNs by referring to objects 1607 in Figure 16 of Ito. Appellants' Representative has 
repeatedly discussed and pointed out to the Examiner that a CDLUN is a particular type of 
virtual LUN that represents multi-LUN operations. This is explicitly disclosed in the current 
application, as pointed out in the Supplemental Brief and in the First Reply Brief Ito 
explicitly states, as quoted above with reference to Figure 14, that Ito's virtual LUNs are 
simply renumberings, or renamings, of real LUNs. Of course, this is clearly seen in Figure 
16 of Ito, where there is a complete, clear, and obvious one-to-one mapping between real 
LUNs and virtual LUNs. Ito's virtual LUN has nothing whatsoever to do with CDLUNs. 
Moreover, CDLUNs are well known to those familiar with LUN-based disk-array storage 
interfaces. The Examiner appears to be reiterating the completely insupportable assertion 
that Ito mentions or suggests something related to CDLUNs. Ito does not. Ito does not once 
use the term "CDLUN" or the phrase "control device logical unit." 

On page 12 of the Examiner's Response, the Examiner states: 

Similarly, to access table entries discussed above, the Supplemental 
Access Table includes entries of LUNs and corresponding CDLUNs that the 
LUNs can access. For example, CDLUN 1 disclosed in Figure 21 can access 
LUN 17 but it will not be able to access LUN 20. However, CDLUN 16 
disclosed in Figure 14 is authorized to access LUN 20. 


This statement is completely unfounded. Nothing in Figure 21 or anywhere else in Ito stands 
for the proposition that an entry in any table authorizes one LUN to access another. However 
the Examiner desires for Ito to disclose the currently claimed invention, Ito does not. 
Imagining associations between table entries in Ito's figures does not constitute crafting of a 
proper and supportable 35 U.S.C. §102 rejection. Nothing in Figure 21 or in the text of Ito 
suggests that the entry 2106 in Ito's LUN access management table in any way authorizes 
virtual LUN 1 to access any other LUN, including LUN 17. Beginning on line 63 of column 
14, Ito states: 

Following the steps 2010 and 2012 in FIG. 20A, the host computer 
which received the FCP_DATA containing the Inquiry Data from the storage 
subsystem, understands that the LUN is accessible, and may continue to 
access the LUN without inquiring about the accessibility of the Virtual LUN 
any more. The LUN accessed by the host computer is actually the LUN of step 
2106 in FIG. 21. The reference operation in step 2106 is the internal reference 
work in the storage subsystem and the host computer is not required to worry 
about it. On the other hand, the host computer which received the 
FCP_DATA containing Inquiry Data from the storage subsystem following 
steps 201 1 and 2012 in FIG. 20A, understands that the LUN is not accessible, 
and thereafter will not access the Virtual LUN also, without inquiring about 
the accessibility of it any more, (emphasis added) 

This is the only mention of table entry 2106 of Figure 21 in Ito that Appellants' representative 
can find. Reading the entire description of Figure 21, Appellants' representative can find not 
a single suggestion or implication that anything in the LUN access management tables stands 
for, or represents, authorization of one LUN to access another. Instead, as discussed above, 
the LUN access management table simply provides a list of LUNs that can be accessed by 
host computers along with their corresponding virtual-LUN designations. The Examiner's 
statement that CDLUN 16 disclosed in Figure 14 is authorized to access LUN 20 makes even 
less sense. Again, there are no CDLUNs listed in Figure 14, or disclosed, mentioned, 
suggested, or even remotely implied anywhere in Ito. Virtual LUN 616 is shown, in row 
1406 of the table in Figure 14, to correspond to real LUN 20. Thus, the host computer with 
WWN equal to "01234567 89ABCDCC" is authorized to access real LUN 20 by specifying 
the equivalent numeric designator "16." Nothing in Ito even remotely suggests or implies 
that entry "16" in the field "virtual LUN" in row 1406 of Ito's LUN Access Management 
Table represents or stands for authorization of virtual LUN 16 to access real LUN 20. As 
would be apparent to anyone who has actually read and understood Ito, virtual LUN "16" is 
exactly the same LUN as real LUN "20." 


At the bottom of page 13 of the Examiner's Answer, the Examiner states: 


The examiner points out that Ito's virtual LUN reads on CDLUN. The 
examiner is not sure how appellant's representative derived the conclusion that 
CDLUN (virtual LUN) disclosed by Ito is equivalent to a physical LUN. The 
term "virtual" is well known in the art of computer science and does not mean 
"physical". For example, to use more intuitive example, virtual memory used 
in a personal computer is not the same as physical memory of the computer. 
Similarly, the term "virtual" in Ito's invention does not mean "physical". 

Perhaps this statement, more than any other, clearly reveals the Examiner has failed to read 
and understand Ito and has failed to read and understand the current application. Appellants' 
representative again provides explanation of the term "CDLUN" included in the First Reply 
Brief: 

The term "control device logical unit" ("CDLUN") is a term of art well 
known to those skilled in the art of designing and manufacturing fiber-channel- 
connected storage subsystems, such as the disk arrays and other, similar mass-storage 
devices discussed in the current application and the storage subsystem discussed in 
Ito. Beginning on line 10 of page 5 of the current application, CDLUNs are described 
as follows: 

To reconcile the fact that a number of operations provided to a 
requesting remote computer by a disk array controller may involve 
multiple LUNs to the fact that, in general, in invoking any particular 
operation during many current disk array controller interfaces, a 
remote computer must specify a single target LUN, a type of virtual 
LUN known as a control-device LUN ("CDLUN") is provided by disk 
array controllers as part of the interface through which remote 
computers invoke operations. CDLUNs are essentially points of 
access to various operations provided by, and carried out by, a disk 
array controller. (Emphasis added) 

CDLUNs are additionally discussed in the Request for Reinstatement of the Appeal, 
filed February 17, 2006, and in the original Appeal Brief, filed July 28, 2005. 

As clearly stated in the current application, a CDLUN does not 
correspond to a physical LUN, but instead provides a means for host computers to 
direct multi-LUN operations and other administrative operations to a disk array or 
other mass-storage device. CDLUNs are well known in disk arrays and storage 
subsystems, and are well defined in the current application. 

Next, please consider again the characterization of Ito's LUN Access Management Table, as 

explicitly stated by Ito beginning on line 19 of column 12: 

The Table 1401 defines, for each port in the storage subsystem, a combination 
of an LUN in the storage system, a virtual LUN created by renumbering the 
LUN according on the user's convenience, for example, and a WWN of the 
host computer likely to access the virtual LUN. 


On lines 52-56 of column 9, Ito states: 

Next, in step 804, the storage subsystem searches the "LUN Access 
Management Table" using the WWN obtained as a key and obtains the Virtual 
LUN corresponding to the LUN that is a target of the Inquiry Command from 
the "LUN Access Management Table". 

Then, on lines 18-21 of column 13, Ito states: 

The effectiveness of assigning a Virtual LUN to a real LUN using the "LUN 
Access Management Table" has been explained herein above with reference to 
representative specific embodiments according to the present invention. 

It is manifestly clear and obvious that by "virtual LUN," Ito means a re-labeling or re- 
numbering of a real LUN. All of the examples in Ito's figures show one-to-one mappings 
between numbers used to designate LUNs and different numbers used to designate virtual 
LUNs corresponding to the real LUNs. Thus, for example, in Ito's LUN Access Management 
Table shown in Figure 14, LUN "30" is equivalent to LUN "0" for the host computer 
designated by WWN "01234567 89ABCDBB", as represented by row 1407. Similarly, real 
LUN "31" is equivalent to virtual LUN "1," real LUN "32" is equivalent to virtual LUN "3," 
real LUN "33" is equivalent to virtual LUN "5," and real LUN "34" is equivalent to virtual 
LUN "7," all with respect to the remote host computer associated with WWN "01234567 
89ABCDBB." In Ito, a virtual LUN is simply a different numerical designation for a real 
LUN. In the current application, a CDLUN is a type of virtual LUN, but is a virtual LUN 
that stands for a multi-LUN operation, as discussed above. 

Apparently, the Examiner cannot understand that the term "virtual LUN" as 
used in Ito does not mean, suggest, or stand for the term "CDLUN" used in the current 
application, despite repeated explanations and references both to text in the current 
application and to text and figures in Ito. Moreover, the Examiner appears unable to 
appreciate that no LUN or virtual LUN in Ito is taught or suggested as being able to access 
another LUN or virtual LUN. As is well understood to anyone familiar with disk-array 
interfaces or even basic computing, and as described in the current application in great detail, 
a LUN is, itself, a virtual mass-storage-space partition. In other words, a LUN is a collection 
of data-storage units within one or more mass-storage devices that can be collectively 
referred to by a host computer as a LUN. Mass-storage data does not, and cannot, access 
anything, including other mass-storage data. Instead, as well described in Ito, all accesses to 
Ito's LUNs and virtual LUNs are made by remote host computers or disk-array controllers. A 
CDLUN is quite different from Ito's virtual LUN. A CDLUN does not represent a mass- 
storage-device partition, but, instead, represents an operation carried out on multiple LUNs. 


A CDLUN can thus access individual LUNs, and it therefore makes sense to have a table 
indicating authorization of CDLUNs to access LUNs. That, in fact, is the information 
contained in Appellants' claimed "Supplemental Access Table." It does not make any sense 
to have a table in Ito authorizing a LUN or virtual LUN to access another LUN or virtual 
LUN. Ito's virtual LUNs and LUNs cannot access one another. They are simply data 
partitions, and can only be accessed by remote host computers or disk-array controllers. It is 
therefore not surprising that Ito does not teach, mention, or suggest a supplemental access 
table as claimed by Appellants 

The word "virtual" is used in many different ways in computer science. No 
one can assume meaning of the adjective "virtual" out of context, without understanding what 
the term is being applied to. Furthermore, the Examiner apparently fails to understand that 
classifications may be hierarchical in nature. For example, living creatures may be classified 
as belonging to one of the classifications "animal," "plant," "bacterium," and "virus." The 
category "animal" can be further subdivided into "mammal," "insect," "bird," "lizard," and 
other such types of animals. Just because a duck and a house fly both fall under the category 
"animal" does not mean that a duck and a house fly are the same creature, or even closely 
related. Similarly, the term "virtual LUN" is a broad category that may encompass various 
different subcategories of virtual LUNs. Indeed, a CDLUN is a type of virtual LUN. In Ito, a 
different numerical designator for a real LUN, referred to by Ito as a "virtual LUN," is 
another type of virtual LUN, However, just like a duck is not the same creature as a house 
fly, Ito's "virtual LUN" is not the same as a CDLUN. The above-quoted passages of the First 
Reply Brief, the current application, and Ito clearly differentiates Ito's "virtual LUN" from the 
term "CDLUN." However, to those familiar with disk-array interfaces and storage devices, it 
would be quite clear that the term "CDLUN" refers to a muhi-LUN operation, while the term 
"virtual LUN" used in Ito simply refers to another name for a real LUN. No one familiar 
with computer science or disk-array technology should have any problem understanding this 
distinction. No one familiar with computer science should have any problem understanding 
that a table that represents authorizations of host computers to access LUNs does not 
additionally contain or imply anything with regard to authorization of one LUN to access 
another. Those familiar with computer science well understand that neither a LUN nor a 
synonym for a LUN can access another LUN. 

CONCLUSION 

As discussed above, Ito is unrelated to the currently claimed subject matter. 


« 


Ito does not teach, mention, or suggest the currently claimed supplemental access table, and 
Ito does not teach, mention, or suggest any kind of two-part authorization in which an access 
table is first consulted to authorize access by a host computer of a CDLUN provided by a 
disk array or storage subsystem, and then a supplemental access table is separately consulted 
to separately authorize access by the CDLUN to additional, separately specified LUNs 
provided by the disk array or storage subsystem. In fact, Ito does not one teach, mention, 
suggest, or imply anything at all related to CDLUNs. 


Appellants respectfully submit that all statutory requirements are met and that 


the present application is allowable over all the references of record. Therefore, Appellants 
respectfully requests that the present application be passed to issue. 
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CLAIMS APPENDIX 


1. 


A method for authorizing access by remote entities to logical units provided 


by a mass storage device comprising: 

providing an access table that includes entries that each represents 
authorization of a particular remote entity to access a particular logical unit; 


authorization of a particular control device logical unit to access a particular logical unit; and 
when a remote entity requests execution of an operation directed to a specified 
control device logical unit and involving one or more additional specified logical units, 

authorizing the request for execution of the operation only when an 
entry currently exists in the access table that represents authorization of the remote entity to 
access the specified control device logical unit and, for each of the one or more additional 
specified logical units, an entry exists in the supplemental access table that represents 
authorization of the specified control device logical unit to access the additional specified 
logical unit. 

2. The method of claim 1 wherein the mass storage device includes ports through 
which requests from remote entities are received, and wherein authorizing a request for 
execution is carried out by a controller within the mass storage device. 

3. The method of claim 2 wherein the access table includes entries each 


providing a supplemental access table that includes entries that each represents 


comprising: 


an indication of a logical unit or control device logical unit; 

an indication of a port; and 

an indication of a remote entity. 


4. 


The method of claim 2 wherein the supplemental access table includes entries 


each comprising: 


an indication of a control device logical unit; and 
an indication of a logical unit. 


5. The method of claim 2 wherein the mass storage device is a disk array and 
remote entities are remote computers interconnected with the disk array via a 
communications medium. 

6. An authorization system for authorizing access by remote entities to logical 
units provided by a mass storage device comprising: 

a request detecting component that detects requests for execution of an 
operation generated by a remote entity; 

an access table that includes entries that each represents authorization of a 
particular remote entity to access a particular logical unit; 

a supplemental access table that includes entries that each represents 
authorization of a particular control device logical unit to access a particular logical unit; and 

control logic that authorizes a request made by a remote entity, detected by the 
request detecting component, directed to a specified control device logical unit and involving 
one or more additional specified logical units only when an entry exists in the access table 
that represents authorization of the remote entity to access the specified control device logical 
unit and, for each of the one or more additional specified logical units, an entry exists in the 
supplemental access table that represents authorization of the specified control device logical 
unit to access the additional specified logical unit. 

7. The system of claim 6 wherein the mass storage device includes ports through 
which requests from remote entities are received, and wherein the control logic resides within 
the mass storage device. 

8. The system of claim 7 wherein the access table includes entries each 
comprising: 

an indication of a logical unit or control device logical unit; 
an indication of a port; and 
an indication of a remote entity. 


9. The system of claim 7 wherein the supplemental access table includes entries 
each comprising: 

an indication of a control device logical unit; and 
an indication of a logical unit. 

10. The system of claim 7 wherein the mass storage device is a disk array and 
remote entities are remote computers interconnected with the disk array via a 
communications medium. 
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